Evolution of White-Box Cryptography: From Table-Based Implementations to Recent Designs
Michael J. Wiener
2016 August 14
Outline
▪ Why do we bother with white-box cryptography (WBC)?
▪ The origins of WBC
▪ Attacks and countermeasures
  ▪ BGE, DFA, DCA
▪ New generations of WBC designs
▪ Research needed
  ▪ Theory of security
  ▪ Indistinguishability obfuscation
  ▪ White-box friendly ciphers
▪ Other directions for software security
  ▪ Trusted execution environments
  ▪ Homomorphic encryption
▪ Conclusions
What is White-Box Cryptography?
▪ In industry, we use a pragmatic definition of WBC: white-box cryptography is the design of software implementations of cryptographic algorithms that resist attack.
▪ What is an attack? Some possibilities:
  ▪ We know it when we see it.
  ▪ Anything that disrupts business.
  ▪ Anything that creates a viable business for the attackers.
Main Attacks on White-Box Cryptography
Key extraction (diagram: key → WBC implementation → extract):
- WBC tries to keep keys hidden while encrypting with them.
- Attackers try to extract these keys.
Code lifting (diagram: WBC implementation → copy):
- Attackers try to lift the entire implementation instead of just extracting a key.
- We use techniques to lock software to a given platform.
A Misconception about White-Box Cryptography
▪ Early in its history, there was a misconception that WBC competes with traditional cryptography.
Modern cryptography:
▪ Tremendous advances:
  ▪ AES
  ▪ Public key
  ▪ Secure protocols
▪ All just theoretical before we implement in hardware or software
WBC:
▪ Complements traditional cryptography
▪ In theory, AES takes trillions of years to break
▪ Without WBC, reading an AES key out of memory may only take seconds
▪ If WBC has shortcomings, we cannot just go back to traditional cryptography.
▪ We have to implement algorithms securely somehow.
Is WBC Really Needed?
▪ If WBC is important, how have we got along without it?
▪ In reality, WBC is in widespread use in many applications.
▪ Details are kept secret.
▪ If your smart phone only contains trusted software and is only ever under the physical control of trustworthy people, then you don't need WBC.
▪ However, if you live on earth, where we have attackers and malware, you may benefit from using WBC.
A Common Criticism of WBC
The claim: "WBC is less secure than traditional (black-box) cryptography."
What they are comparing: WBC implementations plus attackers who have full software access, vs. unprotected black-box cryptographic implementations plus attackers with no side-channel access or software access.
We have limited control over the attacker's powers. The work we do on WBC is a reflection of the reality of attacker powers. We cannot wish away software vulnerability.
Early WBC Research
Pioneering work on WBC was done at Cloakware (later acquired by Irdeto) by Chow et al. for AES [CEJvO] and DES [CEJvO2]. This work began with a simple observation (diagram: plaintext → table → ciphertext). For a given encryption key, building a table mapping all input data (plaintext) to output data (ciphertext) is
- hopelessly impractical (for AES, 2^128 table entries),
- but secure against key extraction!
This led to the idea of using many small tables instead of one big one.
Implementing AES with Tables
For a complete tutorial on the first AES design, see James Muir's paper [M13]. We start with an insecure table-based AES implementation and look at how Chow et al. modified it. 3 of the 4 AES steps are quite straightforward:
- ShiftRows: just moves bytes around. No tables needed.
- AddRoundKey: x → x ⊕ key byte.
- SubBytes: x → S-box[x].
Fourth AES Step: MixColumns
MixColumns involves expanding 8 bits to 32 bits and XORing four 32-bit values. There are 4 different expansions (Ty0, Ty1, Ty2, Ty3), each mapping an 8-bit input to a 32-bit output. The four 32-bit outputs are combined by a network of many 4-bit XOR tables (each taking two 4-bit inputs to one 4-bit output).
• XORing is done 4 bits at a time to control table size.
Chow et al. Modifications
Table composition: whenever one table feeds directly into another table, replace the two tables with one composed table. AddRoundKey followed by the S-box becomes a single T-box, and each Ty_i expansion fed by a T-box becomes Ty_i ∘ T-box.
Random bijections: compose concatenated 4-bit random bijections (a and b) that cancel. The outputs of Ty0 ∘ T-box and Ty1 ∘ T-box are encoded with a and b, and the XOR table that consumes them is composed with a⁻¹ and b⁻¹, so the encodings cancel without ever appearing in the clear.
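The construction the last three slides describe, as an added example that is not code from the slides or from Chow et al.: for one column of one AES round it builds the composed tables Ty_i ∘ T-box_i (T-box = S-box ∘ AddRoundKey), encodes each 8-bit table output nibble-wise with random 4-bit bijections, builds the 4-bit XOR tables with the inverse encodings folded in, and checks the table network against the unprotected computation. The S-box is computed from its definition; the class name WhiteBoxColumn, the 4-byte column key and the test values are the example's own.

```python
import random

def gf_mul(a, b):  # multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1
    r = 0
    for _ in range(8):
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r
def _sbox(x):  # AES S-box entry: GF(2^8) inverse followed by the affine map
    v = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
    rot = lambda n: ((v << n) | (v >> (8 - n))) & 0xFF
    return v ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sbox(x) for x in range(256)]
TY_MUL = [(2, 1, 1, 3), (3, 2, 1, 1), (1, 3, 2, 1), (1, 1, 3, 2)]  # MixColumns multipliers

def ty(i, x):  # Ty_i: the 4 bytes that input byte i contributes to a MixColumns column
    return [gf_mul(m, x) for m in TY_MUL[i]]
def mix_column(s):
    return [a ^ b ^ c ^ d for a, b, c, d in zip(*(ty(i, s[i]) for i in range(4)))]
def nibbles(bs):  # 4 bytes -> 8 nibbles, high nibble first
    return [n for b in bs for n in (b >> 4, b & 0xF)]
def rand_bij():  # a random 4-bit bijection: the "a" / "b" encodings of the slide
    p = list(range(16)); random.shuffle(p); return p
def xor_table(ea, eb, ec):  # maps (a(u), b(v)) -> c(u ^ v): a^-1 and b^-1 are folded in
    t = [0] * 256
    for u in range(16):
        for v in range(16):
            t[(ea[u] << 4) | eb[v]] = ec[u ^ v]
    return t

class WhiteBoxColumn:  # tables for one column of one round: AddRoundKey, SubBytes, MixColumns
    def __init__(self, key):
        self.enc_t = [[rand_bij() for _ in range(8)] for _ in range(4)]  # Ty∘T-box output encodings
        self.enc_x = [[rand_bij() for _ in range(8)] for _ in range(3)]  # XOR-layer output encodings
        # Composed tables Ty_i ∘ T-box_i with T-box_i(x) = S-box(x ^ key[i]); outputs encoded nibble-wise
        self.tyt = [[[e[n] for e, n in zip(self.enc_t[i], nibbles(ty(i, SBOX[x ^ key[i]])))]
                     for x in range(256)] for i in range(4)]
        feeds = [(self.enc_t[0], self.enc_t[1]), (self.enc_t[2], self.enc_t[3]), (self.enc_x[0], self.enc_x[1])]
        self.xor = [[xor_table(ea[j], eb[j], self.enc_x[l][j]) for j in range(8)]
                    for l, (ea, eb) in enumerate(feeds)]

    def evaluate(self, col):  # run the network; only encoded nibbles ever pass between tables
        e = [self.tyt[i][col[i]] for i in range(4)]
        x01 = [self.xor[0][j][(e[0][j] << 4) | e[1][j]] for j in range(8)]
        x23 = [self.xor[1][j][(e[2][j] << 4) | e[3][j]] for j in range(8)]
        out = [self.xor[2][j][(x01[j] << 4) | x23[j]] for j in range(8)]
        dec = [self.enc_x[2][j].index(out[j]) for j in range(8)]  # strip the last encoding to compare
        return [(dec[2 * k] << 4) | dec[2 * k + 1] for k in range(4)]
def reference(col, key):  # the same column computed without any tables or encodings
    return mix_column([SBOX[c ^ k] for c, k in zip(col, key)])
```

In a full design the last encoding is never stripped in the open: the next round's T-box tables are composed with its inverse, so `evaluate` removes it only to make the comparison with `reference` possible.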
Narrow Definition of WBC
▪ Many people consider WBC to mean table-based designs similar to the original Chow et al. AES and DES implementations.
▪ We take a much broader view.
▪ WBC is any attempt to design attack-resistant cryptographic software. E.g.,
  ▪ Different types of tables
  ▪ Possibly no tables at all
  ▪ Protections using software security methods
  ▪ …
Broader Definition of WBC
(Venn diagram.) Software protection: preventing software modification, reverse engineering, …. Cryptography: data privacy, authentication, access control, identity privacy, …. Their intersection is white-box cryptography: protecting cryptographic software.
A Note on WBC Efficiency
Security is very important, but hard to measure. Security tends to get focus after a successful attack in the field. Until then, size and speed concerns dominate.
WBC software vs. unprotected cryptographic software:
- 10x bigger and slower: usually acceptable
- 100x bigger and slower: sometimes acceptable
- 1000x bigger and slower: almost always unacceptable
All security measures must give enough benefit to justify their costs.
1st Generation of WBC Broken
▪ Chow et al. made important contributions.
▪ But they gave us just the 1st generation of WBC.
▪ This is good because this 1st generation has been thoroughly broken.
▪ Billet et al. found the first attack [BGE] on the published white-box AES [CEJvO]. They were able to extract the AES key.
Further Attacks on the First White-Box Implementations
We investigated each white-box table further: each table comprises multiple operations (Table = f ∘ g ∘ h). We were able to extract all table components (f, g, h) up to the information-theoretic bound. The break was thorough, and we later developed countermeasures for new white-box implementations. The details of this 2nd generation of white-box AES and triple-DES were never published.
Academic Criticism of WBC
Barak et al. proved that there exist programs that cannot be protected [BGIRSVY]. Some people conclude: WBC cannot work. Not true. In the practical world we do not need to protect all programs. It is clearly possible to make the life of hackers and reverse-engineers harder.
The Latest WBC Attacks
▪ The second generation of WBC designs resisted attacks like that of Billet et al. [BGE], but fell to two new attacks borrowed from hardware side-channel work.
  ▪ Differential Fault Analysis (DFA)
  ▪ Differential Computation Analysis (DCA)
▪ We needed to move on to a third generation of WBC designs.
Differential Fault Analysis (DFA)
DFA was originally an attack on hardware crypto implementations [BS97]. But it works on white-box implementations as well. An example showing part of the final stage of DES (diagram: 6 data bits ⊕ 6 key bits → S-box → 4 bits → ciphertext, with the desired fault injection point marked):
- Attacker first runs code and records ciphertext.
- Then injects fault and records faulty ciphertext.
- Only certain combinations of 6 key bits are consistent with the results.
- Rinse and repeat until entire key is known.
DFA Countermeasures
DFA attack requirement → white-box countermeasures:
- Ability to inject the right types of faulty data → redundant computations to detect faults; disguise redundancy with distinct data transforms; corrupt ciphertext if redundant computations do not match.
- Ability to make faults that affect just a few bits → transformations on data with wide scope; changing transformed data affects many 'original' bits.
- Ability to view ciphertext → apply data transformations to ciphertext.
This led to a 3rd generation of white-box AES and triple-DES whose details were never published.
Differential Computation Analysis (DCA)
DCA [BHMT] is based on Differential Power Analysis (DPA) [KJJ99]. DPA extracts keys from physical crypto implementations by examining power usage. An example (showing part of the final stage of DES; diagram: 6 bits ⊕ 6 key bits → S-box → 4 bits → ciphertext, computable if we know the 6 key bits):
- Choose a guess of the 6 key bits.
- Execute DES for many random plaintexts, record ciphertext and power consumption traces.
- Compute one internal bit for each trace.
- Average the 0-traces and 1-traces separately.
- If there is a non-random difference between the averages, then the 6-bit key
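The DFA and DCA procedures of the last three slides, together with the redundant-computation countermeasure, as an added example that is not code from the slides: it models the slides' fragment of the final DES stage (6 data bits ⊕ 6 key bits → S1 → 4 bits) and runs both analyses against that model from the attacker's point of view (the key is passed in only to simulate the implementation being analysed). The "trace" is a constructed list of intermediate bits standing in for the computation trace DCA records, the fault is a constructed one-bit flip before the key XOR, and all function names are the example's own.

```python
# DES S-box S1 (FIPS 46-3): row from the outer two input bits, column from the middle four.
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]

def sbox(x6):
    return S1[((x6 >> 5) & 1) << 1 | (x6 & 1)][(x6 >> 1) & 0xF]

def last_stage(x6, key6):  # the slides' fragment: 6 data bits xor 6 key bits -> S1 -> 4 bits
    return sbox(x6 ^ key6)

def trace_of(x6, key6):  # constructed stand-in for the memory trace DCA records
    u = x6 ^ key6
    return [(u >> i) & 1 for i in range(6)] + [(sbox(u) >> i) & 1 for i in range(4)]

def dfa_candidates(x6, x6f, out_diff):  # keys consistent with one correct/faulty run pair
    return {k for k in range(64) if sbox(x6 ^ k) ^ sbox(x6f ^ k) == out_diff}

def dfa_attack(key6):
    """Slides' DFA loop: run, inject a one-bit fault before the key xor, rerun, keep
    only the keys consistent with both outputs, repeat until one key remains."""
    cands = set(range(64))
    for x in range(64):
        for bit in range(6):
            xf = x ^ (1 << bit)
            cands &= dfa_candidates(x, xf, last_stage(x, key6) ^ last_stage(xf, key6))
    return cands

def last_stage_redundant(x6, key6, x6_copy=None):
    """Slides' countermeasure: compute twice on separately held data and refuse to emit
    a result when the copies disagree (a real design corrupts the output instead)."""
    y1, y2 = last_stage(x6, key6), last_stage(x6 if x6_copy is None else x6_copy, key6)
    return y1 if y1 == y2 else None

def collect_traces(key6):  # what the analyst gathers: every input once, with its trace
    return [(x, trace_of(x, key6)) for x in range(64)]

def dca_attack(traces):
    """Slides' DCA: per key guess, predict one S-box output bit per trace, average the
    predicted-0 and predicted-1 traces separately; the true key shows a |difference| of 1."""
    best = (-1.0, None)
    for g in range(64):
        groups = ([], [])
        for x, tr in traces:
            groups[sbox(x ^ g) & 1].append(tr)
        means = [[sum(t[i] for t in grp) / len(grp) for i in range(10)] for grp in groups]
        best = max(best, (max(abs(a - b) for a, b in zip(*means)), g))
    return best[1]
```

The model exposes exactly what the slides say DFA and DCA need: `dfa_attack` narrows the 64 key candidates to one from output differences alone, `dca_attack` picks the key whose predicted bit lines up with one trace sample, and `last_stage_redundant` shows the first countermeasure refusing to emit a result when only one of the two redundant copies was faulted.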